Shumaker Launches New Data Breach Practice Group

Sarasota, Fla. — Responding to a new Florida statute creating complex rules for companies who experience a data breach, the Sarasota office has formed a new practice group dedicated to helping businesses respond quickly and properly when customer information is compromised.

In today’s increasingly hostile cyber environment, the seven-member team will advise clients as to the best practices to prevent, respond and control electronic data breaches, and will handle any legal disputes that may arise. Furthermore, Shumaker, Loop & Kendrick, LLP will coordinate forensic specialists to investigate, contain and recover lost data, if necessary.

On the heels of several widely publicized nationwide consumer data breaches, The Florida Information Protection Act of 2014 requires that all companies take reasonable measures to protect personal data, such as encrypting it or removing personally identifiable information. Any data breach that affects 500 or more individuals must be reported to the Florida Department of Legal Affairs within 30 days, and companies must also supply forensic reports and their internal breach policies.

In many circumstances, the company must also notify individuals whose information is compromised within 30 days. If the breach involves more than 1,000 individuals, all credit reporting agencies must be informed. There are serious consequences for failure to comply with the new rules, as companies may face fines of up to $500,000.

Data breaches have become distressingly common. According to the Florida Senate analysis of the new measure, more than 600 breaches occurred in 2013, affecting 91 million Americans. With no overarching federal law to govern how companies safeguard customer information and notify their customers in the case of a breach, states have taken the initiative to create new laws. The new Florida law defines personal information that must be protected to include: email addresses and account numbers with passwords, first and last names with health or medical information, Social Security and driver license numbers, and online account credentials.

“The initial determinations are critical to inform the course of action taken,” Taaffe says. "Due to the potentially severe ramifications, these determinations should only be made with the assistance of experienced attorneys and technology experts.”

Employees of virtually every level now have personal electronic devices connected to company information systems. As these personal electronic devices become even more prevalent in the future, breaches will continue to increase. Recent breaches at Target, Home Depot and J.P. Morgan prove that even the most sophisticated businesses are not immune to the problem.

“Any business that stores individuals’ personal information needs to take immediate steps to create a data breach plan that complies with the new Florida law and which contemplates prevention, containment and resolution,” Taaffe says. “The risk of a data breach increases daily and the result can cripple a business that is not prepared.”

Shumaker’s new team is arranged to assist clients whether or not they have already experienced a breach. Shumaker is experienced in all aspects of data breach law, and can handle clients from the prevention stage through breach, litigation and resolution, as necessary.

“In our wired world, sooner or later, a breach is bound to occur,” says Taaffe. “Florida companies need to match the proactive steps taken by the legislature to protect the lifeblood of their business – the customer.”

About Shumaker, Loop & Kendrick, LLP

Shumaker, Loop & Kendrick is a full-service business law firm with more than 240 lawyers, 60 paralegals and 495 employees in five offices: Toledo and Columbus, Ohio; Tampa and Sarasota, Florida; and Charlotte, North Carolina. In each of its markets, Shumaker is the premier provider of quality legal services to individuals, small businesses, health care providers, nonprofits, Fortune 500 and international corporations.